Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Secure Web Gateway 12.0.0 Release Notes

New Features in the 12.0 Release 

This release provides the following new features. For resolved issues in this release and the update releases, see further below.

Rebranding to Account for Transition  

Names of products, components, and other items have been rebranded to account for the transition from McAfee to Secure Web Gateway.

Action for Certificate Error to be Decided by User  

When a certificate error occurs, it is shown in the browser, so that you can decide which action to take.

Configurable OCSP/CRL Domain to Support Proxy Mode  

When configuring a proxy mode for Secure Web Gateway, you can select the OCSP or CRL domain that information about revoked certificates is retrieved from.

Validation of customer ID and Shared secret for UCE hybrid 

For UCE hybrid customers using SCP, a configurable option has been provided to validate the customer ID and shared secret. It ensures if the traffic from multiple tenants should be allowed to go to UCE via same on-prem Secure Web Gateway.

Property for Logging Next-hop Proxy Address  

A new property is provided that allows you to log the IP addresses of next-hop proxies in the logging cycle on Secure Web Gateway.

Tomcat Upgrade  

Tomcat has been upgraded to version 9.

LogJ4 Upgrade  

LogJ4 has been upgraded from version 1.x to 2.x.

Resolved Issues in the 12.0 Release  

This release resolves known issues.

NOTE: Secure Web Gateway 12.0 is provided as a controlled release.      

For information about how to upgrade to this release, see Upgrading to a new version – Main Release.

JIRA issue numbers are provided in the reference columns.

Network communication      

Reference Description
WP-4835 Exceptions that had been entered in the Port Redirection table based on IP addresses are working as expected for the Transparent Bridge mode.

Other      

Reference Description
WP-4465 Tomcat has been upgraded from version 7.x to version 9.x
WP-4599 User can decide which action to be taken when a certificate error occurs.
WP-4767 Resolved SWG not processing traffic issue when used along with HSM , due to threads hanging in critical section lock.
WP-4850 SWG extracts the X-SWEB-CustomerId header and checks if it matches the customerId configured in UCE hybrid settings.
WP-4874 A new property is provided that allows you to log the IP addresses of next-hop proxies in the logging cycle on Secure Web Gateway.
WP-4887 Opening a document of the application/postscript media type no longer results in false as a value for the MediaTypeHasOpener property after this media type was added to the list of media types than can be handled by the File Opener on Secure Web Gateway.
WP-4935 The version check fails no longer when new kernel are released.
WP-4937 A failure of the SaaS Connector on Secure Web Gateway does not occur anymore.
WP-4945 A memory leak in ICAP client has been fixed.

Vulnerabilities Fixed    

Reference Description

WP-4723, WP-4733, WP-4762, WP-4766, WP-4781, WP-4834, WP-4841, WP-4871, WP-4949, WP-4950, WP-4951

This Secure Web Gateway release includes updates addressing publicly disclosed CVEs, regardless of whether a CVE has been shown to impact customers.

The following medium and higher-level CVEs (CVSS 3.0 >= 4) were involved:

  • CVE-2022-24903 - There is no impact on SWG because as it is not
    configured to be a receiver by default.
  • CVE-2022-2068 - There is no impact. Affected script is not shipped by
    default on customer instances.
  • CVE-2022-34914 - There is a critical impact. Immediate upgrade is
    strongly recommended.
  • CVE-2022-1271 - There is a moderate impact on SWG since it
    requires CLI access to the instance to be exploite
  • CVE-2022-2097 - There is a Low impact, since vulnerability only
    affects 32bit implementation and does not affect TLS.
  • CVE-2020-26116 - There is no impact on SWG, since Python is not in
    use for normal SWG functioning.
    CVE-2020-26137
    CVE-2022-0391
  • CVE-2022-34169 - There is no impact. SWG does not load untrusted
    code.
    CVE-2022-25647
    CVE-2022-21541
    CVE-2022-21540
    CVE-2022-21549
  • CVE-2022-37434 - Low impact, needs physical system access for
    successful exploitation.
  • CVE-2022-31676 - Low impact, need a patch to remedy the cve.
  • CVE-2022-29154 - There is no impact.CVSS score is high but it’s not a part of MWG main functionality
  • CVE-2022-2319 - Low impact, on SWG because xvfb is only used by Webswing, and webswing is not controlled externally.
    CVE-2022-2320 

For more information about these CVEs and their impact, see the Red Hat CVE portal.

  • Was this article helpful?